Locky Ransomware spreading through Facebook Messenger Via SVG File

SVG(Scalable Vector Graphics) send by your friend may have Locky Ransomwares, avoid clicking it. By appending the Ransomware to an image file can Bypass Facebook security framework pretending to be an image file.

SVG (Scalable Vector Graphics):

SVG is an XML-based vector image format for two-dimensional graphicswith support for interactivity and animation. The SVGspecification is an open standard developed by the World Wide Web Consortium (W3C) since 1999. SVGimages and their behaviors are defined in XML text files.

Ransomware:

A type of malicious software designed to block access to a computer system until a sum of money is paid.

Why make’s it as a Dropper?

SVG images can be created and edited with any text editor, more often they are created directly with a software that elaborates the images.More specifically, this means that you can embed any content you want (such as JavaScript), additionally, any modern browser will therefore able to open this file.

The experts at AppRiver noticed that threat actors in the wild were exploiting a small JavaScript entry contained in the SVG files that allow them to redirect victims to a website used to serve. These SVG files however contained a small javascript entry that would open a webpage to download some malware.” AppRiver researchers said in ablog post.

How do we Remove Malicious Extensions

Firefox and Chrome has already blocked this extension and we hope Facebook will do that soon. Suppose if you are tricked into installing in this malware file you should remove them immediately.

To remove the offending extension, just go to Menu → More Tools → Extensions and check for the extension and remove it.Even worse, if you were infected with the ransomeware the only way is to restore the files. Stay safe.